CVE-2025-1940
published 2025-03-04CVE-2025-1940: A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an…
high7.1CVSS 3.1
AVNACLPRNUIRSUCHILAN
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly.
*This issue only affects Android versions of Firefox.*. This vulnerability was fixed in Firefox 136.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 136.0 | 136.0 |
| mozilla | firefox | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
osv7.1HIGH
OSV
CVE-2025-1940: A select option could partially obscure the confirmation prompt shown before launching external apps
osv·2025-03-04·CVSS 7.1
CVE-2025-1940 [HIGH] CVE-2025-1940: A select option could partially obscure the confirmation prompt shown before launching external apps
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136.
GHSA
GHSA-gqx4-7r84-32m6: A select option could partially obscure the confirmation prompt shown before launching external apps
ghsa_unreviewed·2025-03-04
CVE-2025-1940 [HIGH] CWE-1021 GHSA-gqx4-7r84-32m6: A select option could partially obscure the confirmation prompt shown before launching external apps
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly.
*This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136.
Red Hat
firefox: Android Intent confirmation prompt tapjacking using Select options
vendor_redhat·2025-03-04·CVSS 7.1
CVE-2025-1940 [HIGH] CWE-451 firefox: Android Intent confirmation prompt tapjacking using Select options
firefox: Android Intent confirmation prompt tapjacking using Select options
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly.
*This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136.
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
This issue only affects Andr
Debian
CVE-2025-1940: firefox - A select option could partially obscure the confirmation prompt shown before lau...
vendor_debian·2025·CVSS 7.1
CVE-2025-1940 [HIGH] CVE-2025-1940: firefox - A select option could partially obscure the confirmation prompt shown before lau...
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2025-14: CVE-2025-1940
vendor_mozilla·CVSS 7.1
CVE-2025-1940 [HIGH] Mozilla Foundation Security Advisory 2025-14: CVE-2025-1940
Mozilla Foundation Security Advisory 2025-14
CVE: CVE-2025-1940
Product: Firefox
Impact: high
Fixed in: Firefox 136
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-04
Published